diff options
Diffstat (limited to 'docs/howtos')
93 files changed, 1192 insertions, 4 deletions
diff --git a/docs/howtos/t60_dev/.htaccess b/docs/howtos/t60_dev/.htaccess new file mode 100644 index 0000000..75da674 --- /dev/null +++ b/docs/howtos/t60_dev/.htaccess @@ -0,0 +1,2 @@ +Options +Indexes +IndexOptions FancyIndexing FoldersFirst NameWidth=* DescriptionWidth=* diff --git a/docs/howtos/t60_dev/0001.JPG b/docs/howtos/t60_dev/0001.JPG Binary files differnew file mode 100644 index 0000000..84d2f4f --- /dev/null +++ b/docs/howtos/t60_dev/0001.JPG diff --git a/docs/howtos/t60_dev/0002.JPG b/docs/howtos/t60_dev/0002.JPG Binary files differnew file mode 100644 index 0000000..5f8ead5 --- /dev/null +++ b/docs/howtos/t60_dev/0002.JPG diff --git a/docs/howtos/t60_dev/0003.JPG b/docs/howtos/t60_dev/0003.JPG Binary files differnew file mode 100644 index 0000000..4b0826f --- /dev/null +++ b/docs/howtos/t60_dev/0003.JPG diff --git a/docs/howtos/t60_dev/0004.JPG b/docs/howtos/t60_dev/0004.JPG Binary files differnew file mode 100644 index 0000000..42d9086 --- /dev/null +++ b/docs/howtos/t60_dev/0004.JPG diff --git a/docs/howtos/t60_dev/0005.JPG b/docs/howtos/t60_dev/0005.JPG Binary files differnew file mode 100644 index 0000000..8e9bce3 --- /dev/null +++ b/docs/howtos/t60_dev/0005.JPG diff --git a/docs/howtos/t60_dev/0006.JPG b/docs/howtos/t60_dev/0006.JPG Binary files differnew file mode 100644 index 0000000..6371b46 --- /dev/null +++ b/docs/howtos/t60_dev/0006.JPG diff --git a/docs/howtos/t60_dev/0007.JPG b/docs/howtos/t60_dev/0007.JPG Binary files differnew file mode 100644 index 0000000..cedc9d9 --- /dev/null +++ b/docs/howtos/t60_dev/0007.JPG diff --git a/docs/howtos/t60_dev/0008.JPG b/docs/howtos/t60_dev/0008.JPG Binary files differnew file mode 100644 index 0000000..bec57a1 --- /dev/null +++ b/docs/howtos/t60_dev/0008.JPG diff --git a/docs/howtos/t60_dev/0009.JPG b/docs/howtos/t60_dev/0009.JPG Binary files differnew file mode 100644 index 0000000..aeeda57 --- /dev/null +++ b/docs/howtos/t60_dev/0009.JPG diff --git a/docs/howtos/t60_dev/0010.JPG b/docs/howtos/t60_dev/0010.JPG Binary files differnew file mode 100644 index 0000000..c776171 --- /dev/null +++ b/docs/howtos/t60_dev/0010.JPG diff --git a/docs/howtos/t60_dev/0011.JPG b/docs/howtos/t60_dev/0011.JPG Binary files differnew file mode 100644 index 0000000..24cb443 --- /dev/null +++ b/docs/howtos/t60_dev/0011.JPG diff --git a/docs/howtos/t60_dev/0012.JPG b/docs/howtos/t60_dev/0012.JPG Binary files differnew file mode 100644 index 0000000..c719958 --- /dev/null +++ b/docs/howtos/t60_dev/0012.JPG diff --git a/docs/howtos/t60_dev/0013.JPG b/docs/howtos/t60_dev/0013.JPG Binary files differnew file mode 100644 index 0000000..b8ed7ee --- /dev/null +++ b/docs/howtos/t60_dev/0013.JPG diff --git a/docs/howtos/t60_dev/0014.JPG b/docs/howtos/t60_dev/0014.JPG Binary files differnew file mode 100644 index 0000000..5160dc3 --- /dev/null +++ b/docs/howtos/t60_dev/0014.JPG diff --git a/docs/howtos/t60_dev/0015.JPG b/docs/howtos/t60_dev/0015.JPG Binary files differnew file mode 100644 index 0000000..0c1fd18 --- /dev/null +++ b/docs/howtos/t60_dev/0015.JPG diff --git a/docs/howtos/t60_dev/0016.JPG b/docs/howtos/t60_dev/0016.JPG Binary files differnew file mode 100644 index 0000000..c698be2 --- /dev/null +++ b/docs/howtos/t60_dev/0016.JPG diff --git a/docs/howtos/t60_dev/0017.JPG b/docs/howtos/t60_dev/0017.JPG Binary files differnew file mode 100644 index 0000000..652a66e --- /dev/null +++ b/docs/howtos/t60_dev/0017.JPG diff --git a/docs/howtos/t60_dev/0018.JPG b/docs/howtos/t60_dev/0018.JPG Binary files differnew file mode 100644 index 0000000..cf43067 --- /dev/null +++ b/docs/howtos/t60_dev/0018.JPG diff --git a/docs/howtos/t60_dev/0019.JPG b/docs/howtos/t60_dev/0019.JPG Binary files differnew file mode 100644 index 0000000..a75f68a --- /dev/null +++ b/docs/howtos/t60_dev/0019.JPG diff --git a/docs/howtos/t60_dev/0020.JPG b/docs/howtos/t60_dev/0020.JPG Binary files differnew file mode 100644 index 0000000..0c4f7db --- /dev/null +++ b/docs/howtos/t60_dev/0020.JPG diff --git a/docs/howtos/t60_dev/0021.JPG b/docs/howtos/t60_dev/0021.JPG Binary files differnew file mode 100644 index 0000000..c7d5757 --- /dev/null +++ b/docs/howtos/t60_dev/0021.JPG diff --git a/docs/howtos/t60_dev/0022.JPG b/docs/howtos/t60_dev/0022.JPG Binary files differnew file mode 100644 index 0000000..5971da2 --- /dev/null +++ b/docs/howtos/t60_dev/0022.JPG diff --git a/docs/howtos/t60_dev/0023.JPG b/docs/howtos/t60_dev/0023.JPG Binary files differnew file mode 100644 index 0000000..99f67c3 --- /dev/null +++ b/docs/howtos/t60_dev/0023.JPG diff --git a/docs/howtos/t60_dev/0024.JPG b/docs/howtos/t60_dev/0024.JPG Binary files differnew file mode 100644 index 0000000..f89b537 --- /dev/null +++ b/docs/howtos/t60_dev/0024.JPG diff --git a/docs/howtos/t60_dev/0025.JPG b/docs/howtos/t60_dev/0025.JPG Binary files differnew file mode 100644 index 0000000..d6b180e --- /dev/null +++ b/docs/howtos/t60_dev/0025.JPG diff --git a/docs/howtos/t60_dev/0026.JPG b/docs/howtos/t60_dev/0026.JPG Binary files differnew file mode 100644 index 0000000..c8f3299 --- /dev/null +++ b/docs/howtos/t60_dev/0026.JPG diff --git a/docs/howtos/t60_dev/0027.JPG b/docs/howtos/t60_dev/0027.JPG Binary files differnew file mode 100644 index 0000000..10ab8e0 --- /dev/null +++ b/docs/howtos/t60_dev/0027.JPG diff --git a/docs/howtos/t60_dev/0028.JPG b/docs/howtos/t60_dev/0028.JPG Binary files differnew file mode 100644 index 0000000..64cba1c --- /dev/null +++ b/docs/howtos/t60_dev/0028.JPG diff --git a/docs/howtos/t60_dev/0029.JPG b/docs/howtos/t60_dev/0029.JPG Binary files differnew file mode 100644 index 0000000..960ebdd --- /dev/null +++ b/docs/howtos/t60_dev/0029.JPG diff --git a/docs/howtos/t60_dev/0030.JPG b/docs/howtos/t60_dev/0030.JPG Binary files differnew file mode 100644 index 0000000..046fd00 --- /dev/null +++ b/docs/howtos/t60_dev/0030.JPG diff --git a/docs/howtos/t60_dev/0031.JPG b/docs/howtos/t60_dev/0031.JPG Binary files differnew file mode 100644 index 0000000..870f22b --- /dev/null +++ b/docs/howtos/t60_dev/0031.JPG diff --git a/docs/howtos/t60_dev/0032.JPG b/docs/howtos/t60_dev/0032.JPG Binary files differnew file mode 100644 index 0000000..70ff44a --- /dev/null +++ b/docs/howtos/t60_dev/0032.JPG diff --git a/docs/howtos/t60_dev/0033.JPG b/docs/howtos/t60_dev/0033.JPG Binary files differnew file mode 100644 index 0000000..142ca97 --- /dev/null +++ b/docs/howtos/t60_dev/0033.JPG diff --git a/docs/howtos/t60_dev/0034.JPG b/docs/howtos/t60_dev/0034.JPG Binary files differnew file mode 100644 index 0000000..907192e --- /dev/null +++ b/docs/howtos/t60_dev/0034.JPG diff --git a/docs/howtos/t60_dev/0035.JPG b/docs/howtos/t60_dev/0035.JPG Binary files differnew file mode 100644 index 0000000..bf38c89 --- /dev/null +++ b/docs/howtos/t60_dev/0035.JPG diff --git a/docs/howtos/t60_dev/0036.JPG b/docs/howtos/t60_dev/0036.JPG Binary files differnew file mode 100644 index 0000000..a7e5bdf --- /dev/null +++ b/docs/howtos/t60_dev/0036.JPG diff --git a/docs/howtos/t60_dev/0037.JPG b/docs/howtos/t60_dev/0037.JPG Binary files differnew file mode 100644 index 0000000..ab30c27 --- /dev/null +++ b/docs/howtos/t60_dev/0037.JPG diff --git a/docs/howtos/t60_dev/0038.JPG b/docs/howtos/t60_dev/0038.JPG Binary files differnew file mode 100644 index 0000000..362c547 --- /dev/null +++ b/docs/howtos/t60_dev/0038.JPG diff --git a/docs/howtos/t60_dev/0039.JPG b/docs/howtos/t60_dev/0039.JPG Binary files differnew file mode 100644 index 0000000..224f72e --- /dev/null +++ b/docs/howtos/t60_dev/0039.JPG diff --git a/docs/howtos/t60_dev/0040.JPG b/docs/howtos/t60_dev/0040.JPG Binary files differnew file mode 100644 index 0000000..adcd923 --- /dev/null +++ b/docs/howtos/t60_dev/0040.JPG diff --git a/docs/howtos/t60_dev/0041.JPG b/docs/howtos/t60_dev/0041.JPG Binary files differnew file mode 100644 index 0000000..2a04682 --- /dev/null +++ b/docs/howtos/t60_dev/0041.JPG diff --git a/docs/howtos/t60_dev/0042.JPG b/docs/howtos/t60_dev/0042.JPG Binary files differnew file mode 100644 index 0000000..b5ed8ec --- /dev/null +++ b/docs/howtos/t60_dev/0042.JPG diff --git a/docs/howtos/t60_dev/0043.JPG b/docs/howtos/t60_dev/0043.JPG Binary files differnew file mode 100644 index 0000000..7144a98 --- /dev/null +++ b/docs/howtos/t60_dev/0043.JPG diff --git a/docs/howtos/t60_dev/0044.JPG b/docs/howtos/t60_dev/0044.JPG Binary files differnew file mode 100644 index 0000000..27a24c6 --- /dev/null +++ b/docs/howtos/t60_dev/0044.JPG diff --git a/docs/howtos/t60_dev/0045.JPG b/docs/howtos/t60_dev/0045.JPG Binary files differnew file mode 100644 index 0000000..997b498 --- /dev/null +++ b/docs/howtos/t60_dev/0045.JPG diff --git a/docs/howtos/t60_dev/0046.JPG b/docs/howtos/t60_dev/0046.JPG Binary files differnew file mode 100644 index 0000000..25d6baa --- /dev/null +++ b/docs/howtos/t60_dev/0046.JPG diff --git a/docs/howtos/t60_dev/0047.JPG b/docs/howtos/t60_dev/0047.JPG Binary files differnew file mode 100644 index 0000000..6b57bf3 --- /dev/null +++ b/docs/howtos/t60_dev/0047.JPG diff --git a/docs/howtos/t60_dev/0048.JPG b/docs/howtos/t60_dev/0048.JPG Binary files differnew file mode 100644 index 0000000..7339f07 --- /dev/null +++ b/docs/howtos/t60_dev/0048.JPG diff --git a/docs/howtos/t60_dev/0049.JPG b/docs/howtos/t60_dev/0049.JPG Binary files differnew file mode 100644 index 0000000..cf3a7fd --- /dev/null +++ b/docs/howtos/t60_dev/0049.JPG diff --git a/docs/howtos/t60_dev/0050.JPG b/docs/howtos/t60_dev/0050.JPG Binary files differnew file mode 100644 index 0000000..7de4edd --- /dev/null +++ b/docs/howtos/t60_dev/0050.JPG diff --git a/docs/howtos/t60_dev/0051.JPG b/docs/howtos/t60_dev/0051.JPG Binary files differnew file mode 100644 index 0000000..87c41b3 --- /dev/null +++ b/docs/howtos/t60_dev/0051.JPG diff --git a/docs/howtos/t60_dev/0052.JPG b/docs/howtos/t60_dev/0052.JPG Binary files differnew file mode 100644 index 0000000..4a8e443 --- /dev/null +++ b/docs/howtos/t60_dev/0052.JPG diff --git a/docs/howtos/t60_dev/0053.JPG b/docs/howtos/t60_dev/0053.JPG Binary files differnew file mode 100644 index 0000000..e1044fc --- /dev/null +++ b/docs/howtos/t60_dev/0053.JPG diff --git a/docs/howtos/t60_dev/0054.JPG b/docs/howtos/t60_dev/0054.JPG Binary files differnew file mode 100644 index 0000000..c96c020 --- /dev/null +++ b/docs/howtos/t60_dev/0054.JPG diff --git a/docs/howtos/t60_dev/0055.JPG b/docs/howtos/t60_dev/0055.JPG Binary files differnew file mode 100644 index 0000000..6da87d5 --- /dev/null +++ b/docs/howtos/t60_dev/0055.JPG diff --git a/docs/howtos/t60_dev/0056.JPG b/docs/howtos/t60_dev/0056.JPG Binary files differnew file mode 100644 index 0000000..81a6659 --- /dev/null +++ b/docs/howtos/t60_dev/0056.JPG diff --git a/docs/howtos/t60_dev/0057.JPG b/docs/howtos/t60_dev/0057.JPG Binary files differnew file mode 100644 index 0000000..268fede --- /dev/null +++ b/docs/howtos/t60_dev/0057.JPG diff --git a/docs/howtos/t60_dev/0058.JPG b/docs/howtos/t60_dev/0058.JPG Binary files differnew file mode 100644 index 0000000..bedfb12 --- /dev/null +++ b/docs/howtos/t60_dev/0058.JPG diff --git a/docs/howtos/t60_dev/0059.JPG b/docs/howtos/t60_dev/0059.JPG Binary files differnew file mode 100644 index 0000000..422687c --- /dev/null +++ b/docs/howtos/t60_dev/0059.JPG diff --git a/docs/howtos/t60_dev/0060.JPG b/docs/howtos/t60_dev/0060.JPG Binary files differnew file mode 100644 index 0000000..8743c0d --- /dev/null +++ b/docs/howtos/t60_dev/0060.JPG diff --git a/docs/howtos/t60_dev/0061.JPG b/docs/howtos/t60_dev/0061.JPG Binary files differnew file mode 100644 index 0000000..e05f626 --- /dev/null +++ b/docs/howtos/t60_dev/0061.JPG diff --git a/docs/howtos/t60_dev/0062.JPG b/docs/howtos/t60_dev/0062.JPG Binary files differnew file mode 100644 index 0000000..1fe77a7 --- /dev/null +++ b/docs/howtos/t60_dev/0062.JPG diff --git a/docs/howtos/t60_dev/0063.JPG b/docs/howtos/t60_dev/0063.JPG Binary files differnew file mode 100644 index 0000000..87b7761 --- /dev/null +++ b/docs/howtos/t60_dev/0063.JPG diff --git a/docs/howtos/t60_dev/0064.JPG b/docs/howtos/t60_dev/0064.JPG Binary files differnew file mode 100644 index 0000000..e80189e --- /dev/null +++ b/docs/howtos/t60_dev/0064.JPG diff --git a/docs/howtos/t60_dev/0065.JPG b/docs/howtos/t60_dev/0065.JPG Binary files differnew file mode 100644 index 0000000..4e77a88 --- /dev/null +++ b/docs/howtos/t60_dev/0065.JPG diff --git a/docs/howtos/t60_dev/0066.JPG b/docs/howtos/t60_dev/0066.JPG Binary files differnew file mode 100644 index 0000000..793c0f8 --- /dev/null +++ b/docs/howtos/t60_dev/0066.JPG diff --git a/docs/howtos/t60_dev/0068.JPG b/docs/howtos/t60_dev/0068.JPG Binary files differnew file mode 100644 index 0000000..9f9f299 --- /dev/null +++ b/docs/howtos/t60_dev/0068.JPG diff --git a/docs/howtos/t60_dev/0069.JPG b/docs/howtos/t60_dev/0069.JPG Binary files differnew file mode 100644 index 0000000..98931e6 --- /dev/null +++ b/docs/howtos/t60_dev/0069.JPG diff --git a/docs/howtos/t60_dev/0070.JPG b/docs/howtos/t60_dev/0070.JPG Binary files differnew file mode 100644 index 0000000..09958c3 --- /dev/null +++ b/docs/howtos/t60_dev/0070.JPG diff --git a/docs/howtos/t60_dev/0071.JPG b/docs/howtos/t60_dev/0071.JPG Binary files differnew file mode 100644 index 0000000..104d21e --- /dev/null +++ b/docs/howtos/t60_dev/0071.JPG diff --git a/docs/howtos/t60_dev/0072.JPG b/docs/howtos/t60_dev/0072.JPG Binary files differnew file mode 100644 index 0000000..66c8e3b --- /dev/null +++ b/docs/howtos/t60_dev/0072.JPG diff --git a/docs/howtos/t60_dev/0073.JPG b/docs/howtos/t60_dev/0073.JPG Binary files differnew file mode 100644 index 0000000..5d9b9fa --- /dev/null +++ b/docs/howtos/t60_dev/0073.JPG diff --git a/docs/howtos/t60_dev/0074.JPG b/docs/howtos/t60_dev/0074.JPG Binary files differnew file mode 100644 index 0000000..303264a --- /dev/null +++ b/docs/howtos/t60_dev/0074.JPG diff --git a/docs/howtos/t60_heatsink.html b/docs/howtos/t60_heatsink.html new file mode 100644 index 0000000..d2d52fd --- /dev/null +++ b/docs/howtos/t60_heatsink.html @@ -0,0 +1,126 @@ +<!DOCTYPE html> +<html> +<head> + <meta charset="utf-8"> + <meta name="viewport" content="width=device-width, initial-scale=1"> + + <style type="text/css"> + body { + background:#fff; + color:#000; + font-family:sans-serif; + font-size:1em; + } + </style> + + <title>Libreboot documentation: Unbricking the ThinkPad T60</title> +</head> + +<body> + + <header> + <h1>Changing heatsink (or CPU) on the ThinkPad T60</h1> + <aside>Using this guide you can also change/upgrade the CPU.</aside> + </header> + + <p>Or go <a href="../index.html">back to main index</a></p> + + <h1 id="hardware_requirements">Hardware requirements</h1> + <ul> + <li>rubbing a***hol (misspelling intentional. halal internet) and thermal compound for changing CPU heatsink (procedure involves removing heatsink)</li> + <li>thermal compound/paste (Arctic Silver 5 is good. Others are also good.)</li> + </ul> + + <h1 id="software_requirements">Software requirements</h1> + <ul> + <li>xsensors</li> + <li>stress</li> + </ul> + + <h1 id="recovery">Disassembly</h1> + + <p> + Remove those screws and remove the HDD:<br/> + <img src="t60_dev/0001.JPG" alt="" /> <img src="t60_dev/0002.JPG" alt="" /> + </p> + + <p> + Lift off the palm rest:<br/> + <img src="t60_dev/0003.JPG" alt="" /> + </p> + + <p> + Lift up the keyboard, pull it back a bit, flip it over like that and then disconnect it from the board:<br/> + <img src="t60_dev/0004.JPG" alt="" /> <img src="t60_dev/0005.JPG" alt="" /> <img src="t60_dev/0006.JPG" alt="" /> + </p> + + <p> + Gently wedge both sides loose:<br/> + <img src="t60_dev/0007.JPG" alt="" /> <img src="t60_dev/0008.JPG" alt="" /> + </p> + + <p> + Remove that cable from the position:<br/> + <img src="t60_dev/0009.JPG" alt="" /> <img src="t60_dev/0010.JPG" alt="" /> + </p> + + <p> + Remove the bezel (sorry forgot to take pics). + </p> + + <p> + On the CPU (and there is another chip south-east to it, sorry forgot to take pic) + clean off the old thermal paste (rubbing a1ocheal (misspelling intentional. halal internet)) and apply new (Artic Silver 5 is good, others are good too) + you should also clean the heatsink the same way<br/> + <img src="t60_dev/0051.JPG" alt="" /> + </p> + + <p> + This is also an opportunity to change the CPU to another one. For example if you had a Core Duo T2400, you can upgrade it to a better processor + (higher speed, 64-bit support). A Core 2 Duo T7600 was installed here. + </p> + + <p> + Attach the heatsink and install the screws (also, make sure to install the AC jack as highlighted):<br/> + <img src="t60_dev/0052.JPG" alt="" /> + </p> + + <p> + Reinstall that upper bezel:<br/> + <img src="t60_dev/0053.JPG" alt="" /> + </p> + + <p> + Do that:<br/> + <img src="t60_dev/0054.JPG" alt="" /> <img src="t60_dev/0055.JPG" alt="" /> + </p> + + <p> + Attach keyboard:<br/> + <img src="t60_dev/0056.JPG" alt="" /> + </p> + + <p> + Place keyboard and (sorry, forgot to take pics) reinstall the palmrest and insert screws on the underside:<br/> + <img src="t60_dev/0058.JPG" alt="" /> + </p> + + <p> + It lives!<br/> + <img src="t60_dev/0071.JPG" alt="" /> <img src="t60_dev/0072.JPG" alt="" /> <img src="t60_dev/0073.JPG" alt="" /> + </p> + + <p> + Always stress test ('stress -c 2' and xsensors. below 90C is ok) when replacing cpu paste/heatsink:<br/> + <img src="t60_dev/0074.JPG" alt="" /> + </p> + +<hr/> + + <p> + Copyright © 2014 Francis Rowe, All Rights Reserved.<br/> + See <a href="../license.html">../license.html</a> for license conditions. + </p> + +</body> +</html> diff --git a/docs/howtos/t60_lcd_15.html b/docs/howtos/t60_lcd_15.html new file mode 100644 index 0000000..b5fbd5f --- /dev/null +++ b/docs/howtos/t60_lcd_15.html @@ -0,0 +1,87 @@ +<!DOCTYPE html> +<html> +<head> + <meta charset="utf-8"> + <meta name="viewport" content="width=device-width, initial-scale=1"> + + <style type="text/css"> + body { + background:#fff; + color:#000; + font-family:sans-serif; + font-size:1em; + } + </style> + + <title>Libreboot documentation: Unbricking the ThinkPad T60</title> +</head> + +<body> + + <header> + <h1>Changing the LCD panel on a 15.1" T60</h1> + <aside>This is for the 15.1" T60. If you have another size then the procedure will differ; for example, on 14.1" you have + to remove the hinges and the procedure is a bit more involved than on 15.1".</aside> + </header> + + <p>Or go <a href="../index.html">back to main index</a></p> + + <h1 id="recovery">Disassembly</h1> + + <p> + Remove those covers and unscrew:<br/> + <img src="t60_dev/0059.JPG" alt="" /> <img src="t60_dev/0060.JPG" alt="" /> <img src="t60_dev/0061.JPG" alt="" /> + </p> + + <p> + Gently pry off the front bezel. + </p> + + <p> + Remove inverter board:<br/> + <img src="t60_dev/0064.JPG" alt="" /> + </p> + + <p> + Disconnect LCD cable:<br/> + <img src="t60_dev/0065.JPG" alt="" /> + </p> + + <p> + Remove the panel:<br/> + <img src="t60_dev/0066.JPG" alt="" /> + </p> + + <p> + Move the rails (left and right side) from the old panel to the new one and then attach LCD cable:<br/> + <img src="t60_dev/0068.JPG" alt="" /> + </p> + + <p> + Insert panel (this one is an LG-Philips LP150E05-A2K1, and there are others. See <a href="../index.html#supported_t60_list">../index.html#supported_t60_list</a>):<br/> + <img src="t60_dev/0069.JPG" alt="" /> + </p> + + <p> + Insert new inverter board (see <a href="../index.html#supported_t60_list">../index.html#supported_t60_list</a> for what is recommended on your LCD panel):<br/> + <img src="t60_dev/0070.JPG" alt="" /> + </p> + + <p> + Now re-attach the front bezel and put all the screws in. + </p> + + <p> + It lives!<br/> + <img src="t60_dev/0071.JPG" alt="" /> <img src="t60_dev/0072.JPG" alt="" /> <img src="t60_dev/0073.JPG" alt="" /> + </p> + +<hr/> + + <p> + Copyright © 2014 Francis Rowe, All Rights Reserved.<br/> + See <a href="../license.html">../license.html</a> for license conditions. + </p> + +</body> +</html> diff --git a/docs/howtos/t60_security.html b/docs/howtos/t60_security.html new file mode 100644 index 0000000..0ce3645 --- /dev/null +++ b/docs/howtos/t60_security.html @@ -0,0 +1,431 @@ +<!DOCTYPE html> +<html> +<head> + <meta charset="utf-8"> + <meta name="viewport" content="width=device-width, initial-scale=1"> + + <style type="text/css"> + body { + background:#fff; + color:#000; + font-family:sans-serif; + font-size:1em; + } + </style> + + <title>Libreboot documentation: Security on the ThinkPad T60</title> +</head> + +<body> + + <header> + <h1>Security on the ThinkPad T60</h1> + <aside>Hardware modifications to enhance security on the ThinkPad T60. This tutorial is <b>incomplete</b> at the time of writing.</aside> + </header> + + <p>Or go <a href="../index.html">back to main index</a></p> + + <h2>Table of Contents</h2> + <ul> + <li><a href="#hardware_requirements">Hardware Requirements</a></li> + <li><a href="#software_requirements">Software Requirements</a></li> + <li><a href="#procedure">The procedure</a></li> + </ul> + + <h1 id="hardware_requirements">Hardware requirements</h1> + <ul> + <li>A T60</li> + <li>screwdriver</li> + <li>(in a later version of this tutorial: soldering iron and scalpel)</li> + </ul> + + <h1 id="software_requirements">Software requirements</h1> + <ul> + <li>none (at least in the scope of the article as-is)</li> + <li>You probably want to encrypt your GNU/Linux install using LUKS</li> + </ul> + + <h1> + Rationale + </h1> + <p> + Most people think of security on the software side: the hardware is important aswell. + Hardware security is useful in particular to journalists (or activists in a given movement) who need absolute privacy in their work. + It is also generally useful to all those that believe security and privacy are inalienable rights. + Security starts with the hardware; crypto and network security come later. + </p> + <p> + Paradoxically, going this far to increase your security also makes you a bigger target. + At the same time, it protects you in the case that someone does attack your machine. + This paradox only exists while few people take adequate steps to protect yourself: it is your <b>duty</b> + to protect yourself, not only for your benefit but to make strong security <i>normal</i> so + that those who do need protection (and claim it) are a smaller target against the masses. + </p> + <p> + Even if there are levels of security beyond your ability (technically, financially and so on) + doing at least <i>something</i> (what you are able to do) is extremely important. + If you use the internet and your computer without protection, attacking you is cheap (some say it is + only a few US cents). If everyone (majority of people) use strong security by default, + it makes attacks more costly and time consuming; in effect, making them disappear. + </p> + <p> + This tutorial deals with reducing the number of devices that have direct memory access that + could communicate with inputs/outputs that could be used to remotely + command the machine (or leak data). + </p> + + <h1 id="procedure">Disassembly</h1> + + <p> + Remove those screws and remove the HDD:<br/> + <img src="t60_dev/0001.JPG" alt="" /> <img src="t60_dev/0002.JPG" alt="" /> + </p> + + <p> + Lift off the palm rest:<br/> + <img src="t60_dev/0003.JPG" alt="" /> + </p> + + <p> + Lift up the keyboard, pull it back a bit, flip it over like that and then disconnect it from the board:<br/> + <img src="t60_dev/0004.JPG" alt="" /> <img src="t60_dev/0005.JPG" alt="" /> <img src="t60_dev/0006.JPG" alt="" /> + </p> + + <p> + Gently wedge both sides loose:<br/> + <img src="t60_dev/0007.JPG" alt="" /> <img src="t60_dev/0008.JPG" alt="" /> + </p> + + <p> + Remove that cable from the position:<br/> + <img src="t60_dev/0009.JPG" alt="" /> <img src="t60_dev/0010.JPG" alt="" /> + </p> + + <p> + Now remove that bezel. Remove wifi, nvram battery and speaker connector (also remove 56k modem, on the left of wifi):<br/> + <img src="t60_dev/0011.JPG" alt="" /><br/> + Reason: has direct (and very fast) memory access, and could (theoretically) leak data over a side-channel.<br/> + <b>Wifi:</b> The ath5k/ath9k cards might not have firmware at all. They might safe but could have + access to the computer's RAM trough DMA. If people have an intel + card(most T60's come with Intel wifi by default, until you change it),then that card runs + a non-free firwamre and has access to the computer's RAM trough DMA! So + it's risk-level is very high. + </p> + + <p> + Remove those screws:<br/> + <img src="t60_dev/0012.JPG" alt="" /> + </p> + + <p> + Disconnect the power jack:<br/> + <img src="t60_dev/0013.JPG" alt="" /> + </p> + + <p> + Remove nvram battery (we will put it back later):<br/> + <img src="t60_dev/0014.JPG" alt="" /> + </p> + + <p> + Disconnect cable (for 56k modem) and disconnect the other cable:<br/> + <img src="t60_dev/0015.JPG" alt="" /> <img src="t60_dev/0016.JPG" alt="" /> + </p> + + <p> + Disconnect speaker cable:<br/> + <img src="t60_dev/0017.JPG" alt="" /> + </p> + + <p> + Disconnect the other end of the 56k modem cable:<br/> + <img src="t60_dev/0018.JPG" alt="" /> + </p> + + <p> + Make sure you removed it:<br/> + <img src="t60_dev/0019.JPG" alt="" /> + </p> + + <p> + Unscrew those:<br/> + <img src="t60_dev/0020.JPG" alt="" /> + </p> + + <p> + Make sure you removed those:<br/> + <img src="t60_dev/0021.JPG" alt="" /> + </p> + + <p> + Disconnect LCD cable from board:<br/> + <img src="t60_dev/0022.JPG" alt="" /> + </p> + + <p> + Remove those screws then remove the LCD assembly:<br/> + <img src="t60_dev/0023.JPG" alt="" /> <img src="t60_dev/0024.JPG" alt="" /> <img src="t60_dev/0025.JPG" alt="" /> + </p> + + <p> + Once again, make sure you removed those:<br/> + <img src="t60_dev/0026.JPG" alt="" /> + </p> + + <p> + Remove the shielding containing the motherboard, then flip it over. Remove these screws, placing them on a steady + surface in the same layout as they were in before you removed them. Also, you should mark each screw hole after removing the + screw (a permanent marker pen will do), this is so that you have a point of reference when re-assembling the machine:<br/> + <img src="t60_dev/0027.JPG" alt="" /> <img src="t60_dev/0028.JPG" alt="" /> <img src="t60_dev/0029.JPG" alt="" /> + <img src="t60_dev/0031.JPG" alt="" /> <img src="t60_dev/0032.JPG" alt="" /> <img src="t60_dev/0033.JPG" alt="" /> + </p> + + <p> + Remove microphone (soldering iron not needed. Just wedge it out gently):<br/> + <img src="t60_dev/0039.JPG" alt="" /><br/> + <b>Rationale:</b><br/> + Another reason to remove the microphone: If your computer gets<a href="#ref1">[1]</a> compromised, it can + record what you say, and use it to receive data from nearby devices if + they're compromised too. Also, we do not know what the built-in microcode (in the CPU) is doing; it could theoretically + be programmed to accept remote commands from some speaker somewhere (remote security hole). <b>In other words, + the machine could already be compromised from the factory.</b> + </p> + + <p> + Remove infrared:<br/> + <img src="t60_dev/0040.JPG" alt="" /> <img src="t60_dev/0042.JPG" alt="" /> + </p> + + <p> + Remove cardbus (it's in a socket, no need to disable. Just remove the port itself):<br/> + <img src="t60_dev/0041.JPG" alt="" /><br/> + <b>Rationale:</b><br/> + It has direct memory access and can be used to extract sensitive details (such as LUKS keys). See + 'GoodBIOS' video linked at the end (speaker is Peter Stuge, a coreboot hacker). The video covers X60 + but the same topics apply to T60. + </p> + + <p> + Before re-installing the upper chassis, remove the speaker:<br/> + <img src="t60_dev/0043.JPG" alt="" /> <img src="t60_dev/0044.JPG" alt="" /><br/> + Reason: combined with the microphone issue, this could be used to leak data.<br/> + If your computer gets<a href="#ref1">[1]</a> compromised, it can be used to + transmit data to nearby compromised devices. It's unknown if it can be + turned into a microphone<a href="#ref2">[2]</a>.<br/> + Replacement: headphones/speakers (line-out) or external DAC (USB). + </p> + + <p> + Remove the wwan:<br/> + <img src="t60_dev/0045.JPG" alt="" /><br/> + <b>Wwan (3d modem):</b> They run proprietary software and have access to the + computer's RAM! So it's like AMT but over the GSM network which is + probably even worse.<br/> + Replacement: external USB wifi dongle. (or USB wwan/3g dongle; note, this has all the same privacy issues as mobile phones. wwan not recommended). + </p> + + <p> + This is where the simcard connector is soldered. See notes above about wwan. Remove simcard by removing battery + and then it's accessible (so, remember to do this when you re-assemble. or you could do it now?)<br/> + <img src="t60_dev/0046.JPG" alt="" /> + </p> + + <p> + Put those screws back:<br/> + <img src="t60_dev/0047.JPG" alt="" /> + </p> + + <p> + Put it back into lower chassis:<br/> + <img src="t60_dev/0048.JPG" alt="" /> + </p> + + <p> + Attach LCD and insert screws (also, attach the lcd cable to the board):<br/> + <img src="t60_dev/0049.JPG" alt="" /> + </p> + + <p> + Insert those screws:<br/> + <img src="t60_dev/0050.JPG" alt="" /> + </p> + + <p> + On the CPU (and there is another chip south-east to it, sorry forgot to take pic) + clean off the old thermal paste (rubbing a1ocheal (misspelling intentional. halal internet)) and apply new (Artic Silver 5 is good, others are good too) + you should also clean the heatsink the same way<br/> + <img src="t60_dev/0051.JPG" alt="" /> + </p> + + <p> + Attach the heatsink and install the screws (also, make sure to install the AC jack as highlighted):<br/> + <img src="t60_dev/0052.JPG" alt="" /> + </p> + + <p> + Reinstall that upper bezel:<br/> + <img src="t60_dev/0053.JPG" alt="" /> + </p> + + <p> + Do that:<br/> + <img src="t60_dev/0054.JPG" alt="" /> <img src="t60_dev/0055.JPG" alt="" /> + </p> + + <p> + Attach keyboard and install nvram battery:<br/> + <img src="t60_dev/0056.JPG" alt="" /> <img src="t60_dev/0057.JPG" alt="" /> + </p> + + <p> + Place keyboard and (sorry, forgot to take pics) reinstall the palmrest and insert screws on the underside:<br/> + <img src="t60_dev/0058.JPG" alt="" /> + </p> + + <p> + Remove those covers and unscrew:<br/> + <img src="t60_dev/0059.JPG" alt="" /> <img src="t60_dev/0060.JPG" alt="" /> <img src="t60_dev/0061.JPG" alt="" /> + </p> + + <p> + Gently pry off the front bezel (sorry, forgot to take pics). + </p> + + <p> + Remove bluetooth module:<br/> + <img src="t60_dev/0062.JPG" alt="" /> <img src="t60_dev/0063.JPG" alt="" /> + </p> + + <p> + Re-attach the front bezel and re-insert the screws (sorry, forgot to take pics). + </p> + + <p> + It lives!<br/> + <img src="t60_dev/0071.JPG" alt="" /> <img src="t60_dev/0072.JPG" alt="" /> <img src="t60_dev/0073.JPG" alt="" /> + </p> + + <p> + Always stress test ('stress -c 2' and xsensors. below 90C is ok) when replacing cpu paste/heatsink:<br/> + <img src="t60_dev/0074.JPG" alt="" /> + </p> + + <h2> + Not covered yet: + </h2> + <ul> + <li>Disable flashing the ethernet firmware</li> + <li>Disable SPI flash writes (can be re-enabled by unsoldering two parts)</li> + <li>Disable use of xrandr/edid on external monitor (cut 2 pins on VGA)</li> + <li>Disable docking station (might be possible to do it in software, in coreboot upstream as a Kconfig option)</li> + </ul> + <p> + Go to <a href="http://media.ccc.de/browse/congress/2013/30C3_-_5529_-_en_-_saal_2_-_201312271830_-_hardening_hardware_and_choosing_a_goodbios_-_peter_stuge.html">http://media.ccc.de/browse/congress/2013/30C3_-_5529_-_en_-_saal_2_-_201312271830_-_hardening_hardware_and_choosing_a_goodbios_-_peter_stuge.html</a> + or directly to the video: <a href="http://mirror.netcologne.de/CCC/congress/2013/webm/30c3-5529-en-Hardening_hardware_and_choosing_a_goodBIOS_webm.webm">http://mirror.netcologne.de/CCC/congress/2013/webm/30c3-5529-en-Hardening_hardware_and_choosing_a_goodBIOS_webm.webm</a>. + </p> + <p> + A lot of this tutorial is based on that video. Look towards the second half of the video to see how to do the above. + </p> + + <h2> + Also not covered yet: + </h2> + <ul> + <li> + Intrusion detection: randomized seal on screws<br/> + Just put nail polish with lot of glider on the important screws, take + some good pictures. Keep the pictueres and make sure of their integrity. + Compare the nail polish with the pictures before powering on the laptop. + </li> + <li> + Tips about preventing/mitigating risk of cold boot attack. + <ul> + <li>soldered RAM?</li> + <li>wipe all RAM at boot/power-off/power-on? (patch in coreboot upstream?)</li> + <li>ask gnutoo about fallback patches (counts number of boots)</li> + </ul> + </li> + <li> + Software-based security hardening (GRUB trust/cryptomount, kernel LUKS/ecryptfs, etc). + <ul> + <li>modify grub to delay password attemps by a few seconds, and fail after a set time (and record all attemps in a counter, writing that to nvram)</li> + </ul> + </li> + <li> + General tips/advice and web links showing how to detect physical intrusions. + </li> + <li> + For example: <a href="http://cs.tau.ac.il/~tromer/acoustic/">http://cs.tau.ac.il/~tromer/acoustic/</a> + </li> + <li> + https://gitorious.org/gnutoo-for-coreboot/grub-assemble/source/a61f636797777a742f65f4c9c58032aa6a9b23c3: + </li> + </ul> + + <h1> + Extra notes + </h1> + <p> + EC: Cannot be removed but can be mitigated: it contains non-free + non-loadable code, but it has no access to the computer's RAM. + It has access to the on-switch of the wifi, bluetooth, modem and some + other power management features. The issue is that it has access to the + keyboard, however if the software security howto <b>(not yet written)</b> is followed correctly, + it won't be able to leak data to a local attacker. It has no network + access but it may still be able to leak data remotely, but that + requires someone to be nearby to recover the data with the help of an + SDR and some directional antennas<a href="#ref3">[3]</a>. + </p> + + <h2> + Risk level + </h2> + <ul> + <li>Modem (3g/wwan): highest</li> + <li>Intel wifi: Near highest</li> + <li>Atheros PCI wifi: unknown, but lower than intel wifi.</li> + <li>Microphone: only problematic if the computer gets compromised.</li> + <li>Speakers: only problematic if the computer gets compromised.</li> + <li>EC: can be mitigated if following the <b>(not yet written)</b> guide on software security.</li> + </ul> + + <h1> + References + </h1> + <h2 id="ref1">[1] physical access</h2> + <p> + Explain that black hats, TAO, and so on might use a 0day to get in, + and explain that in this case it mitigates what the attacker can do. + Also the TAO do some evaluation before launching an attack: they take + the probability of beeing caught into account, along with the kind of + target. A 0day costs a lot of money, I heard that it was from 100000$ + to 400000$, some other websites had prices 10 times lower but that + but it was probably a typo. So if people increase their security it + makes it more risky and more costly to attack people. + </p> + <h2 id="ref2">[2] microphone</h2> + <p> + It's possible to turn headphones into a microphone, you could try + yourself, however they don't record loud at all. Also intel cards have + the capability to change a connector's function, for instance the + microphone jack can now become a headphone plug, that's called + retasking. There is some support for it in GNU/Linux but it's not very + well known. + </p> + <h2 id="ref3">[3] Video (CCC)</h2> + <p> + 30c3-5356-en-Firmware_Fat_Camp_webm.webm from the 30th CCC. While + their demo is experimental(their hardware also got damaged during the + transport), the spies probably already have that since a long time. + <a href="http://berlin.ftp.media.ccc.de/congress/2013/webm/30c3-5356-en-Firmware_Fat_Camp_webm.webm">http://berlin.ftp.media.ccc.de/congress/2013/webm/30c3-5356-en-Firmware_Fat_Camp_webm.webm</a> + </p> + +<hr/> + + <p> + Copyright © 2014 Francis Rowe, All Rights Reserved.<br/> + See <a href="../license.html">../license.html</a> for license conditions. + </p> + +</body> +</html> diff --git a/docs/howtos/t60_unbrick.html b/docs/howtos/t60_unbrick.html new file mode 100644 index 0000000..9a26212 --- /dev/null +++ b/docs/howtos/t60_unbrick.html @@ -0,0 +1,312 @@ +<!DOCTYPE html> +<html> +<head> + <meta charset="utf-8"> + <meta name="viewport" content="width=device-width, initial-scale=1"> + + <style type="text/css"> + body { + background:#fff; + color:#000; + font-family:sans-serif; + font-size:1em; + } + </style> + + <title>Libreboot documentation: Unbricking the ThinkPad T60</title> +</head> + +<body> + + <header> + <h1>Unbricking the ThinkPad T60</h1> + <aside>This guide will show you how to recover from a bad flash that prevents your ThinkPad T60 from booting.</aside> + </header> + + <p>Or go <a href="../index.html">back to main index</a></p> + + <h2>Table of Contents</h2> + <ul> + <li><a href="#hardware_requirements">Hardware Requirements</a></li> + <li><a href="#software_requirements">Software Requirements</a></li> + <li> + Types of brick: + <ul> + <li><a href="#bucts_brick">Brick type 1: bucts not reset</a></li> + <li><a href="#recovery">Brick type 2: bad rom (or user error), machine won't boot</a></li> + </ul> + </li> + </ul> + + <h1 id="hardware_requirements">Hardware requirements</h1> + <ul> + <li>a 2nd computer (maybe another T60. any computer will do)</li> + <li>external flashrom-compatible programmer (I'm using the "bus pirate") + <li>SOIC-8 IC clip (I'm using the Pomona 5250)</li> + <li>Cable (programmer<>clip) - mine came with the bus pirate.</li> + <li>USB mini a to b cable (for buspirate<>computer connection).</li> + <li>rubbing a***hol (misspelling intentional. halal internet) and thermal compound for changing CPU heatsink (procedure involves removing heatsink)</li> + </ul> + + <h1 id="software_requirements">Software requirements</h1> + <ul> + <li>GNU/Linux (on the 2nd computer)</li> + <li>flashrom software (on the 2nd computer): <a href="http://flashrom.org/" target="_blank">http://flashrom.org/</a> + </ul> + + <h1 id="bucts_brick">Brick type 1: bucts not reset.</h1> + <p> + You still have Lenovo BIOS, or you had libreboot running and you flashed another ROM; and you had bucts 1 set and + the ROM wasn't dd'd.* or if Lenovo BIOS was present and libreboot wasn't flashed.<br/><br/> + + In this case, unbricking is easy: reset BUC.TS to 0 by removing that yellow cmos coin (it's a battery) and putting it back after a minute or two:<br/> + <img src="t60_dev/0006.JPG" alt="" /><br/><br/> + + *Those dd commands should be applied to all newly compiled T60 ROM's (the ROM's in libreboot binary archives already have this applied!):<br/> + dd if=coreboot.rom of=top64k.bin bs=1 skip=$[$(stat -c %s coreboot.rom) - 0x10000] count=64k<br/> + dd if=coreboot.rom bs=1 skip=$[$(stat -c %s coreboot.rom) - 0x20000] count=64k | hexdump<br/> + dd if=top64k.bin of=coreboot.rom bs=1 seek=$[$(stat -c %s coreboot.rom) - 0x20000] count=64k conv=notrunc<br/> + (doing this makes the ROM suitable for use when flashing a machine that still has Lenovo BIOS running, + using those instructions: <a href="http://www.coreboot.org/Board:lenovo/x60/Installation" target="_blank">http://www.coreboot.org/Board:lenovo/x60/Installation</a>. + (it says x60, but instructions for t60 are identical) + </p> + + <h1 id="recovery">bad rom (or user error), machine won't boot</h1> + + <p> + In this scenario, you compiled a ROM that had an incorrect configuration, or there is an actual bug preventing your machine from + booting. Or, maybe, you set BUC.TS to 0 and shut down after first flash while Lenovo BIOS was running. In any case, your machine is bricked and will not boot at all. + </p> + <p> + "Unbricking" means flashing a known-good (working) ROM. The problem: you can't boot the machine, making this difficult. In this situation, external hardware (see hardware requirements above) is needed which can flash the SPI chip (where libreboot resides). + </p> + + <p> + Remove those screws and remove the HDD:<br/> + <img src="t60_dev/0001.JPG" alt="" /> <img src="t60_dev/0002.JPG" alt="" /> + </p> + + <p> + Lift off the palm rest:<br/> + <img src="t60_dev/0003.JPG" alt="" /> + </p> + + <p> + Lift up the keyboard, pull it back a bit, flip it over like that and then disconnect it from the board:<br/> + <img src="t60_dev/0004.JPG" alt="" /> <img src="t60_dev/0005.JPG" alt="" /> <img src="t60_dev/0006.JPG" alt="" /> + </p> + + <p> + Gently wedge both sides loose:<br/> + <img src="t60_dev/0007.JPG" alt="" /> <img src="t60_dev/0008.JPG" alt="" /> + </p> + + <p> + Remove that cable from the position:<br/> + <img src="t60_dev/0009.JPG" alt="" /> <img src="t60_dev/0010.JPG" alt="" /> + </p> + + <p> + Now remove that bezel. Remove wifi, nvram battery and speaker connector (also remove 56k modem, on the left of wifi):<br/> + <img src="t60_dev/0011.JPG" alt="" /> + </p> + + <p> + Remove those screws:<br/> + <img src="t60_dev/0012.JPG" alt="" /> + </p> + + <p> + Disconnect the power jack:<br/> + <img src="t60_dev/0013.JPG" alt="" /> + </p> + + <p> + Remove nvram battery:<br/> + <img src="t60_dev/0014.JPG" alt="" /> + </p> + + <p> + Disconnect cable (for 56k modem) and disconnect the other cable:<br/> + <img src="t60_dev/0015.JPG" alt="" /> <img src="t60_dev/0016.JPG" alt="" /> + </p> + + <p> + Disconnect speaker cable:<br/> + <img src="t60_dev/0017.JPG" alt="" /> + </p> + + <p> + Disconnect the other end of the 56k modem cable:<br/> + <img src="t60_dev/0018.JPG" alt="" /> + </p> + + <p> + Make sure you removed it:<br/> + <img src="t60_dev/0019.JPG" alt="" /> + </p> + + <p> + Unscrew those:<br/> + <img src="t60_dev/0020.JPG" alt="" /> + </p> + + <p> + Make sure you removed those:<br/> + <img src="t60_dev/0021.JPG" alt="" /> + </p> + + <p> + Disconnect LCD cable from board:<br/> + <img src="t60_dev/0022.JPG" alt="" /> + </p> + + <p> + Remove those screws then remove the LCD assembly:<br/> + <img src="t60_dev/0023.JPG" alt="" /> <img src="t60_dev/0024.JPG" alt="" /> <img src="t60_dev/0025.JPG" alt="" /> + </p> + + <p> + Once again, make sure you removed those:<br/> + <img src="t60_dev/0026.JPG" alt="" /> + </p> + + <p> + Remove the shielding containing the motherboard, then flip it over. Remove these screws, placing them on a steady + surface in the same layout as they were in before you removed them. Also, you should mark each screw hole after removing the + screw (a permanent marker pen will do), this is so that you have a point of reference when re-assembling the machine:<br/> + <img src="t60_dev/0027.JPG" alt="" /> <img src="t60_dev/0028.JPG" alt="" /> <img src="t60_dev/0029.JPG" alt="" /> + <img src="t60_dev/0031.JPG" alt="" /> <img src="t60_dev/0032.JPG" alt="" /> <img src="t60_dev/0033.JPG" alt="" /> + </p> + + <p> + At this point, you should wire up your programmer according to it's documentation. For me, this was (see: "SparkFun cable pin reference"):<br/> + <a href="http://dangerousprototypes.com/docs/Common_Bus_Pirate_cable_pinouts" target="_blank">http://dangerousprototypes.com/docs/Common_Bus_Pirate_cable_pinouts</a>.<br/> + Correlating with the following information, I was able to wire up my pirate correctly:<br/> + <a href="http://flashrom.org/Bus_Pirate#Connections" target="_blank">http://flashrom.org/Bus_Pirate#Connections</a><br/> + And by following that advice:<br/> + <a href="http://www.coreboot.org/Board:lenovo/x60/Installation#Howto" target="_blank">http://www.coreboot.org/Board:lenovo/x60/Installation#Howto</a>.<br/> + (it says X60 but instructions are virtually the same for the T60, with except to physical differences in how to disassemble the machine)<br/> + Note: that last page says to wire up only those 5 pins (see below) like that: 1, 2, 4, 5, 6.<br/> + Note: and then, for power it says (on that coreboot.org page) to connect the power jack to the board and connect the + AC adapter (without powering on the board).<br/> + Note: I ignored that advice, and wired up all 8 pins. And it worked.<br/> + + Here is the pinout (correlate it with your programmer's documentation):<br/> + <img src="t60_dev/0030.JPG" alt="" /> + </p> + + <p> + Connecting the pomona:<br/> + <img src="t60_dev/0034.JPG" alt="" /> + </p> + + <p> + Connect programmer to 2nd computer:<br/> + <img src="t60_dev/0035.JPG" alt="" /> + </p> + + <p> + Programmer has power:<br/> + <img src="t60_dev/0036.JPG" alt="" /> + </p> + + <p> + Now flash the bricked machine using the 2nd computer. in my case I did:<br/> + <b>flashrom -p buspirate_spi:dev=/dev/ttyUSB0 -w bin/t60/libreboot_usqwerty.rom</b><br/> + Note: there are also other ROM images for T60<br/> + Note: this is using buspirate as the programmer, so it is flashing the T60, not the 2nd computer!<br/> + Here's my terminal window on the 2nd computer (also the programmer is active):<br/> + <img src="t60_dev/0037.JPG" alt="" /> <img src="t60_dev/0038.JPG" alt="" /><br/> + So, you should see the following:<br/> + -- + <pre> + flashrom v0.9.5.2-r1517 on Linux 3.2.0-61-generic (i686), built with libpci 3.1.8, GCC 4.6.3, little endian + flashrom is free software, get the source code at http://www.flashrom.org + + Calibrating delay loop... delay loop is unreliable, trying to continue OK. + Found Macronix flash chip "MX25L1605" (2048 kB, SPI) on buspirate_spi. + Reading old flash chip contents... done. + Erasing and writing flash chip... Erase/write done. + Verifying flash... VERIFIED. + </pre> + --<br/> + At the end it says "VERIFIED", which means that the procedure worked. If you see this, it means + that you can put your T60 back together. So let's do that now. + </p> + + <p> + Put those screws back:<br/> + <img src="t60_dev/0047.JPG" alt="" /> + </p> + + <p> + Put it back into lower chassis:<br/> + <img src="t60_dev/0048.JPG" alt="" /> + </p> + + <p> + Attach LCD and insert screws (also, attach the lcd cable to the board):<br/> + <img src="t60_dev/0049.JPG" alt="" /> + </p> + + <p> + Insert those screws:<br/> + <img src="t60_dev/0050.JPG" alt="" /> + </p> + + <p> + On the CPU (and there is another chip south-east to it, sorry forgot to take pic) + clean off the old thermal paste (rubbing a1ocheal (misspelling intentional. halal internet)) and apply new (Artic Silver 5 is good, others are good too) + you should also clean the heatsink the same way<br/> + <img src="t60_dev/0051.JPG" alt="" /> + </p> + + <p> + Attach the heatsink and install the screws (also, make sure to install the AC jack as highlighted):<br/> + <img src="t60_dev/0052.JPG" alt="" /> + </p> + + <p> + Reinstall that upper bezel:<br/> + <img src="t60_dev/0053.JPG" alt="" /> + </p> + + <p> + Do that:<br/> + <img src="t60_dev/0054.JPG" alt="" /> <img src="t60_dev/0055.JPG" alt="" /> + </p> + + <p> + Re-attach modem, wifi, (wwan?), and all necessary cables. Sorry, forgot to take pics. Look at previous removal steps to see where they go back to. + </p> + + <p> + Attach keyboard and install nvram battery:<br/> + <img src="t60_dev/0056.JPG" alt="" /> <img src="t60_dev/0057.JPG" alt="" /> + </p> + + <p> + Place keyboard and (sorry, forgot to take pics) reinstall the palmrest and insert screws on the underside:<br/> + <img src="t60_dev/0058.JPG" alt="" /> + </p> + + <p> + It lives!<br/> + <img src="t60_dev/0071.JPG" alt="" /> <img src="t60_dev/0072.JPG" alt="" /> <img src="t60_dev/0073.JPG" alt="" /> + </p> + + <p> + Always stress test ('stress -c 2' and xsensors. below 90C is ok) when replacing cpu paste/heatsink:<br/> + <img src="t60_dev/0074.JPG" alt="" /> + </p> + +<hr/> + + <p> + Copyright © 2014 Francis Rowe, All Rights Reserved.<br/> + See <a href="../license.html">../license.html</a> for license conditions. + </p> + +</body> +</html> diff --git a/docs/howtos/x60_security.html b/docs/howtos/x60_security.html index fc631bf..6abda98 100644 --- a/docs/howtos/x60_security.html +++ b/docs/howtos/x60_security.html @@ -42,6 +42,7 @@ <h1 id="software_requirements">Software requirements</h1> <ul> <li>none (at least in the scope of the article as-is)</li> + <li>You probably want to encrypt your GNU/Linux install using LUKS</li> </ul> <h1> @@ -171,12 +172,12 @@ Not covered yet: </h2> <ul> - <li>Disable cardbus/pcmcia (has fast/direct memory access)</li> + <li>Disable cardbus (has fast/direct memory access)</li> <li>Disable firewire (has fast/direct memory access)</li> <li>Disable flashing the ethernet firmware</li> <li>Disable SPI flash writes (can be re-enabled by unsoldering two parts)</li> <li>Disable use of xrandr/edid on external monitor (cut 2 pins on VGA)</li> - <li>Disable docking station</li> + <li>Disable docking station (might be possible to do it in software, in coreboot upstream as a Kconfig option)</li> </ul> <p> Go to <a href="http://media.ccc.de/browse/congress/2013/30C3_-_5529_-_en_-_saal_2_-_201312271830_-_hardening_hardware_and_choosing_a_goodbios_-_peter_stuge.html">http://media.ccc.de/browse/congress/2013/30C3_-_5529_-_en_-_saal_2_-_201312271830_-_hardening_hardware_and_choosing_a_goodbios_-_peter_stuge.html</a> @@ -191,13 +192,25 @@ </h2> <ul> <li> - Intrusion detection: randomized seal on screws (need to research) + Intrusion detection: randomized seal on screws<br/> + Just put nail polish with lot of glider on the important screws, take + some good pictures. Keep the pictueres and make sure of their integrity. + Compare the nail polish with the pictures before powering on the laptop. </li> <li> Tips about preventing/mitigating risk of cold boot attack. + <ul> + <li>soldered RAM?</li> + <li>seal RAM door shut (possibly modified lower chassis) so that system has to be disassembled (which has to go through the nail polish)</li> + <li>wipe all RAM at boot/power-off/power-on? (patch in coreboot upstream?)</li> + <li>ask gnutoo about fallback patches (counts number of boots)</li> + </ul> </li> <li> Software-based security hardening (GRUB trust/cryptomount, kernel LUKS/ecryptfs, etc). + <ul> + <li>modify grub to delay password attemps by a few seconds, and fail after a set time (and record all attemps in a counter, writing that to nvram)</li> + </ul> </li> <li> General tips/advice and web links showing how to detect physical intrusions. @@ -205,6 +218,9 @@ <li> For example: <a href="http://cs.tau.ac.il/~tromer/acoustic/">http://cs.tau.ac.il/~tromer/acoustic/</a> </li> + <li> + https://gitorious.org/gnutoo-for-coreboot/grub-assemble/source/a61f636797777a742f65f4c9c58032aa6a9b23c3: + </li> </ul> <h1> @@ -226,7 +242,7 @@ Risk level </h2> <ul> - <li>Modem: highest</li> + <li>Modem (3g/wwan): highest</li> <li>Intel wifi: Near highest</li> <li>Atheros PCI wifi: unknown, but lower than intel wifi.</li> <li>Microphone: only problematic if the computer gets compromised.</li> diff --git a/docs/howtos/x60t_unbrick/.htaccess b/docs/howtos/x60t_unbrick/.htaccess new file mode 100644 index 0000000..75da674 --- /dev/null +++ b/docs/howtos/x60t_unbrick/.htaccess @@ -0,0 +1,2 @@ +Options +Indexes +IndexOptions FancyIndexing FoldersFirst NameWidth=* DescriptionWidth=* diff --git a/docs/howtos/x60t_unbrick/0000.JPG b/docs/howtos/x60t_unbrick/0000.JPG Binary files differnew file mode 100644 index 0000000..4d8de31 --- /dev/null +++ b/docs/howtos/x60t_unbrick/0000.JPG diff --git a/docs/howtos/x60t_unbrick/0001.JPG b/docs/howtos/x60t_unbrick/0001.JPG Binary files differnew file mode 100644 index 0000000..7783c4f --- /dev/null +++ b/docs/howtos/x60t_unbrick/0001.JPG diff --git a/docs/howtos/x60t_unbrick/0002.JPG b/docs/howtos/x60t_unbrick/0002.JPG Binary files differnew file mode 100644 index 0000000..ddc6aac --- /dev/null +++ b/docs/howtos/x60t_unbrick/0002.JPG diff --git a/docs/howtos/x60t_unbrick/0003.JPG b/docs/howtos/x60t_unbrick/0003.JPG Binary files differnew file mode 100644 index 0000000..e1b6586 --- /dev/null +++ b/docs/howtos/x60t_unbrick/0003.JPG diff --git a/docs/howtos/x60t_unbrick/0004.JPG b/docs/howtos/x60t_unbrick/0004.JPG Binary files differnew file mode 100644 index 0000000..b4ae18d --- /dev/null +++ b/docs/howtos/x60t_unbrick/0004.JPG diff --git a/docs/howtos/x60t_unbrick/0005.JPG b/docs/howtos/x60t_unbrick/0005.JPG Binary files differnew file mode 100644 index 0000000..b7b324b --- /dev/null +++ b/docs/howtos/x60t_unbrick/0005.JPG diff --git a/docs/howtos/x60t_unbrick/0006.JPG b/docs/howtos/x60t_unbrick/0006.JPG Binary files differnew file mode 100644 index 0000000..795d02a --- /dev/null +++ b/docs/howtos/x60t_unbrick/0006.JPG diff --git a/docs/howtos/x60t_unbrick/0007.JPG b/docs/howtos/x60t_unbrick/0007.JPG Binary files differnew file mode 100644 index 0000000..0ccdbad --- /dev/null +++ b/docs/howtos/x60t_unbrick/0007.JPG diff --git a/docs/howtos/x60t_unbrick/0008.JPG b/docs/howtos/x60t_unbrick/0008.JPG Binary files differnew file mode 100644 index 0000000..5312934 --- /dev/null +++ b/docs/howtos/x60t_unbrick/0008.JPG diff --git a/docs/howtos/x60t_unbrick/0009.JPG b/docs/howtos/x60t_unbrick/0009.JPG Binary files differnew file mode 100644 index 0000000..9d8e7fa --- /dev/null +++ b/docs/howtos/x60t_unbrick/0009.JPG diff --git a/docs/howtos/x60t_unbrick/0010.JPG b/docs/howtos/x60t_unbrick/0010.JPG Binary files differnew file mode 100644 index 0000000..ea37b18 --- /dev/null +++ b/docs/howtos/x60t_unbrick/0010.JPG diff --git a/docs/howtos/x60t_unbrick/0011.JPG b/docs/howtos/x60t_unbrick/0011.JPG Binary files differnew file mode 100644 index 0000000..ebbaa74 --- /dev/null +++ b/docs/howtos/x60t_unbrick/0011.JPG diff --git a/docs/howtos/x60tablet_unbrick.html b/docs/howtos/x60tablet_unbrick.html new file mode 100644 index 0000000..975c764 --- /dev/null +++ b/docs/howtos/x60tablet_unbrick.html @@ -0,0 +1,212 @@ +<!DOCTYPE html> +<html> +<head> + <meta charset="utf-8"> + <meta name="viewport" content="width=device-width, initial-scale=1"> + + <style type="text/css"> + body { + background:#fff; + color:#000; + font-family:sans-serif; + font-size:1em; + } + </style> + + <title>Libreboot documentation: Unbricking the ThinkPad X60 Tablet</title> +</head> + +<body> + + <header> + <h1>Unbricking the ThinkPad X60</h1> + <aside>This guide will show you how to recover from a bad flash that prevents your ThinkPad X60 Tablet from booting.</aside> + </header> + + <p>Or go <a href="../index.html">back to main index</a></p> + + <h2>Table of Contents</h2> + <ul> + <li><a href="#hardware_requirements">Hardware Requirements</a></li> + <li><a href="#software_requirements">Software Requirements</a></li> + <li> + Types of brick: + <ul> + <li><a href="#bucts_brick">Brick type 1: bucts not reset</a></li> + <li><a href="#recovery">Brick type 2: bad rom (or user error), machine won't boot</a></li> + </ul> + </li> + </ul> + + <h1 id="hardware_requirements">Hardware requirements</h1> + <ul> + <li>a 2nd computer (maybe another X60 Tablet. any computer will do)</li> + <li>external flashrom-compatible programmer (I'm using the "bus pirate") + <li>SOIC-8 IC clip (I'm using the Pomona 5250)</li> + <li>Cable (programmer<>clip) - mine came with the bus pirate.</li> + <li>USB mini a to b cable (for buspirate<>computer connection).</li> + </ul> + + <h1 id="software_requirements">Software requirements</h1> + <ul> + <li>GNU/Linux (on the 2nd computer)</li> + <li>flashrom software (on the 2nd computer): <a href="http://flashrom.org/" target="_blank">http://flashrom.org/</a> + </ul> + + <h1 id="bucts_brick">Brick type 1: bucts not reset.</h1> + <p> + You still have Lenovo BIOS, or you had libreboot running and you flashed another ROM; and you had bucts 1 set and + the ROM wasn't dd'd.* or if Lenovo BIOS was present and libreboot wasn't flashed.<br/><br/> + + In this case, unbricking is easy: reset BUC.TS to 0 by removing that yellow cmos coin (it's a battery) and putting it back after a minute or two:<br/> + <img src="x60t_unbrick/0008.JPG" alt="" /><br/><br/> + + *Those dd commands should be applied to all newly compiled X60 ROM's (the ROM's in libreboot binary archives already have this applied!):<br/> + dd if=coreboot.rom of=top64k.bin bs=1 skip=$[$(stat -c %s coreboot.rom) - 0x10000] count=64k<br/> + dd if=coreboot.rom bs=1 skip=$[$(stat -c %s coreboot.rom) - 0x20000] count=64k | hexdump<br/> + dd if=top64k.bin of=coreboot.rom bs=1 seek=$[$(stat -c %s coreboot.rom) - 0x20000] count=64k conv=notrunc<br/> + (doing this makes the ROM suitable for use when flashing a machine that still has Lenovo BIOS running, + using those instructions: <a href="http://www.coreboot.org/Board:lenovo/x60/Installation" target="_blank">http://www.coreboot.org/Board:lenovo/x60/Installation</a>. + </p> + + <h1 id="recovery">bad rom (or user error), machine won't boot</h1> + <p> + In this scenario, you compiled a ROM that had an incorrect configuration, or there is an actual bug preventing your machine from + booting. Or, maybe, you set BUC.TS to 0 and shut down after first flash while Lenovo BIOS was running. In any case, your machine is bricked and will not boot at all. + </p> + <p> + "Unbricking" means flashing a known-good (working) ROM. The problem: you can't boot the machine, making this difficult. In this situation, external hardware (see hardware requirements above) is needed which can flash the SPI chip (where libreboot resides). + </p> + + <p> + <img src="x60t_unbrick/0000.JPG" alt="" /> + </p> + + <p> + Remove those screws:<br/> + <img src="x60t_unbrick/0001.JPG" alt="" /> + </p> + + <p> + Remove the HDD:<br/> + <img src="x60t_unbrick/0002.JPG" alt="" /> + </p> + + <p> + Push keyboard forward to loosen it:<br/> + <img src="x60t_unbrick/0003.JPG" alt="" /> + </p> + + <p> + Lift:<br/> + <img src="x60t_unbrick/0004.JPG" alt="" /> + </p> + + <p> + Remove those:<br/> + <img src="x60t_unbrick/0005.JPG" alt="" /> + </p> + + <p> + + <img src="x60t_unbrick/0006.JPG" alt="" /> + </p> + + <p> + Also remove that (marked) and unroute the antenna cables:<br/> + <img src="x60t_unbrick/0007.JPG" alt="" /> + </p> + + <p> + Some X60T's you have to unroute those too:<br/> + <img src="x60t_unbrick/0010.JPG" alt="" /> + </p> + + <p> + Remove the LCD extend board screws. Also remove those screws (see blue marks) and remove/unroute the cables and remove the metal plate:<br/> + <img src="x60t_unbrick/0008.JPG" alt="" /> + </p> + + <p> + Remove that screw and then remove the board:<br/> + <img src="x60t_unbrick/0009.JPG" alt="" /> + </p> + + <p> + At this point, you should wire up your programmer according to it's documentation. For me, this was (see: "SparkFun cable pin reference"):<br/> + <a href="http://dangerousprototypes.com/docs/Common_Bus_Pirate_cable_pinouts" target="_blank">http://dangerousprototypes.com/docs/Common_Bus_Pirate_cable_pinouts</a>.<br/> + Correlating with the following information, I was able to wire up my pirate correctly:<br/> + <a href="http://flashrom.org/Bus_Pirate#Connections" target="_blank">http://flashrom.org/Bus_Pirate#Connections</a><br/> + And by following that advice:<br/> + <a href="http://www.coreboot.org/Board:lenovo/x60/Installation#Howto" target="_blank">http://www.coreboot.org/Board:lenovo/x60/Installation#Howto</a>.<br/> + Note: that last page says to wire up only those 5 pins (see below) like that: 1, 2, 4, 5, 6.<br/> + Note: and then, for power it says (on that coreboot.org page) to connect the power jack to the board and connect the + AC adapter (without powering on the board).<br/> + Note: I ignored that advice, and wired up all 8 pins. And it worked.<br/> + + Here is the pinout (correlate it with your programmer's documentation):<br/> + <img src="x60t_unbrick/0011.JPG" alt="" /><br/> + (SPI chip here is on the bottom of the board) + </p> + + <p> + Bus pirate:<br/> + <img src="x60_unbrick/0019.jpg" alt="" /> + </p> + + <p> + Pomona 5250:<br/> + <img src="x60_unbrick/0020.jpg" alt="" /> + </p> + + <p> + Connect pomona:<br/> + <img src="x60_unbrick/0022.jpg" alt="" /> + </p> + + <p> + Connect pirate to USB on 2nd computer:<br/> + <img src="x60_unbrick/0024.jpg" alt="" /> + </p> + + <p> + Pirate is active:<br/> + <img src="x60_unbrick/0023.jpg" alt="" /> + </p> + + <p> + <img src="x60_unbrick/0025.jpg" alt="" /> + </p> + + <p> + On the 2nd machine, I did: <b>flashrom -p buspirate_spi:dev=/dev/ttyUSB0 -w bin/x60t/libreboot_ukqwerty.rom</b> + </p> + + <pre> + flashrom v0.9.5.2-r1517 on Linux 3.2.0-61-generic (i686), built with libpci 3.1.8, GCC 4.6.3, little endian + flashrom is free software, get the source code at http://www.flashrom.org + + Calibrating delay loop... delay loop is unreliable, trying to continue OK. + Found Macronix flash chip "MX25L1605" (2048 kB, SPI) on buspirate_spi. + Reading old flash chip contents... done. + Erasing and writing flash chip... Erase/write done. + Verifying flash... VERIFIED. + </pre> + + <p> + At the end it says "VERIFIED", which means that the procedure worked. If you see this, it means that you can put your X60T back together. So let's do that now. + </p> + + <p> + Reverse the steps to re-assemble your machine. + </p> + +<hr/> + + <p> + Copyright © 2014 Francis Rowe, All Rights Reserved.<br/> + See <a href="../license.html">../license.html</a> for license conditions. + </p> + +</body> +</html> |
